change many remote FreeVNC 4.1.1 machine's passwords

BryceRichert
BryceRichert used Ask the Experts™
on
I'm looking for a way to change remote FreeVNC 4.1.1 machine's passwords by bulk. any ideas? We are going Enterprise next month (as I realize now it has AD authentication), but I'm leaving for a couple weeks and don't want to supply the password that is used currently.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Do you use group policies? In win2k8, you can push registry updates through group policy to change the password on the computers.

Author

Commented:
I use 2003. The registry keeps the password in hex form it looks like.

Commented:
Yes, the password is in hex form. Change it on one computer, then export the registry key. Write a simple script to import that registry such as regedit /s newvncpassword.reg.
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Author

Commented:
What would I run from my machine exactly at the command prompt? thanks for your help on this.

Commented:
First you would change the password, then you would run regedit.exe. Navigate to HKEY_LOCAL_MACHINE\Software\ORL. Click file -> export. Now you can use the command I gave you to import it from another computer.

Author

Commented:
[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]
"Password"=hex:##,##,##,##,##,##,##,##
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000


If this is the export, I save that as a .reg file? all of it? and then... how do I push it?

Author

Commented:
I want to push it from my computer to 50-100 or so. are you saying I would pull it or push it? (pushing would be ideal)

Author

Commented:
The local path of the new reg file is on my desktop...

c:\\Documents and Settings\name\desktop\newfilereg\newvncfile.reg     or  

The location I want to push to is

\\srmc01\
\\srmc02\
\\srmc03\
etc...

How would I format your command (regedit /s newvncpassword.reg) to pull from that local location on my desktop and push to those destinations?

Thanks... I don't do much of this stuff. (which begs another questions, I know)



Commented:
The 50-100 computers are all part of an Active Directory correct?

Place the .reg file in a file share such as \\DOMAINCONTROLLER\NETLOGON.

Follow these instructions to make a group policy, or edit the default domain policy...

For the script, input: regedit /s \\domaincontroller\netlogon\newvncpassword.reg.

I suggest you read up more on group policies though if you have no experience with this. You may find a few computers do not change the settings immediately and you may find it cause confusion.

Commented:
If you want to script this, look into something like psexec to run remote commands on the computers you wish to push this to.

Place the .reg file on a server, such as \\server\share\newvncpassword.reg

psexec -i \\srmc01 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg
psexec -i \\srmc02 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg
psexec -i \\srmc03 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg

Author

Commented:
Again, thank you for your time on this. I appreciate it.

Every attempt at group policy adjustments I make never work out it seems :-(

Is this a way of pushing it real time or will I need to wait until a machine logs in, or an account logs in it looks like?

Is there a batch file I can run from my own computer to push it out and not use domain policies? I'd be willing to manually type in all the computer names even rather than pulling form a "computer.txt" file.

Author

Commented:
I have psexec on my computer. I'll try this one on a few and come back here and let you know how it  went. should take about a half hour or so.  I'll check back in here soon.  thanks!

If you want to script this, look into something like psexec to run remote commands on the computers you wish to push this to.

Place the .reg file on a server, such as \\server\share\newvncpassword.reg

psexec -i \\srmc01 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg
psexec -i \\srmc02 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg
psexec -i \\srmc03 c:\windows\regedit.exe /s \\server\share\newvncpassword.reg

Author

Commented:
OK. I ran this....

psexec -i \\srmc01 c:\windows\regedit.exe /s \\serverfile\public\realvnc\realvnc.reg

looks like it ran ok, but returned this.....

regedit exited on SRMC01 with error code 0.

Commented:
try to vnc to that machine, if it works - you're set! If not, come back here. ;-)

Author

Commented:
I tried logging in and it only takes the old password.

I changed my local password to the one I'm trying to use... exported it.

I changed my local vnc password back to the old one, ran the reg and it changed it successfully. So I believe I have the .reg correct.

What is error code 0? I tried the username and password switches with an admin account and it said it wasn't recongized... but I shouldn't need those if I'm throwing it from an admin authenticated machine.. no?

Author

Commented:
Should I try other switches?

Author

Commented:
Looks like error code zero means "nothing went wrong", but it still only accepts the old password. Could the HEX password be causing an issue here?

Commented:
try these:

http://darrenmccall.com/blog/2010/04/30/realvnc-password-hacking/

Substituting REG_BINARY /d d8d1e367e1d17646 with your password.

Author

Commented:
Do you mean that instead of the reg looking like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]
"Password"=hex:66,92,d7,84,e4,f0,0c,88
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000


it should look like this?

[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4
"Password"=REG_BINARY /d d8d1e367e1d17646
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000
 
Or do you mean this?
[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4
"Password"=REG_BINARY /d 66,92,d7,84,e4,f0,0c,88
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000

 
 
(what is the d8d1e367e1d17646? Should I replace that with the hex # above? )

Commented:
no, I mean:

PsExec \\Remote-PC REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 6692d784e4f00c88 /f

Commented:
but now you should change your password because everyone on the internet knows it now.

Author

Commented:
That's not the real HEX... ha ha.

anyways, I just test changed one to "a" using

PsExec \\srwc01 REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d d8d1e367e1d17646 /f


I see now.... I will either just type the computers in, or pull in a "computers.txt" file somehow. This gives me a start.

I appreciate your help on this VERY much

Author

Commented:
Can I just use

PsExec \\* REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 6692d644e4f00c88 /f

to affect every computer on the domain to not have to call a text file?

Author

Commented:
Or can I put computers in brackets?

PsExec (\\srwc01, srwc02, srwc03) REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 6692d644e4f00c88 /f


Not that syntax obviously, but something along those lines?
Commented:
\\* should work for a domain, but if you are having problems with group policy, I wouldn't be surprised if you have a few computers that does not properly get updated.

You can use a batch script:

@echo off
:: Local script:  - save as runpsexec.bat
for /F %%A in (LIST.TXT) do (
    psexec \\%%A REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 6692d644e4f00c88 /f
)

the computers in LIST.TXT should not have the leading \\.

Author

Commented:
This is GREAT!  thanks so much for the help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial